Alexey Markov

DOI: https://doi.org/10.48550/arXiv.1306.1958

2013-06-09

Abstract:An overview and classification of software testing models are done. Recommendations on the choice of models are proposed

Software Engineering

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Tianming Ni,Xiaoqing Wen,Hussam Amrouch,Cheng Zhuo,Peilin Song

DOI: https://doi.org/10.1145/3631476

IF: 1.447

2023-01-01

ACM Transactions on Design Automation of Electronic Systems

Abstract:The research on design for testability and reliability of security-aware hardware has been important in both academia and industry. With ever-growing globalization, commercial hardware design, manufacturing, transportation, and supply now involve many different countries, resulting in aggravated vulnerability from hardware design to manufacturing. Hardware with malicious purposes implanted from the third-party manufacturing process may control the operation of a circuit and tamper its functions, causing serious security issues. However, hardware includes not only devices and circuits but also systems. An important fact is that testability, reliability, and security technologies come from different design layers, but the impact evaluation is conducted at the system level. In other words, the testability, reliability, and security design of different layers can be carried out in a holistic manner to achieve optimization for the whole system. In addition, the testability, reliability, and security design technologies of each design layer can be collaboratively conducted to achieve better performance. The testability, reliability, and security tradeoff has garnered attention from academia and industry, particularly in the Post-Moore Era, due to the complexities and opportunities arising from new architectures and technologies.

Weiguang Wang,Qingkai Zeng,Aditya P. Mathur

DOI: https://doi.org/10.1109/qsic.2012.34

2012-01-01

Abstract:Formal specification is usually employed to avoid ambiguity of security requirements. However, it is hard to assure correctness of this formal model and its conformance with security implementation. In this paper, a framework combining formal verification and security functional testing is proposed to support the correctness and conformance check procedure. Formal requirements are verified following integrated steps and formulae. Verified specification is used as the basis for security functional test and a test criterion called strict schema coverage is developed to derive tests. The framework is supported by Z specification Based Security Assurance Toolkit (ZBSAT). Empirical results on Chinese Wall Model (CWM) policy and its implementation demonstrate its feasibility. In addition, comparison results of mutation test explore the efficiency of this test approach.

Hongbo Li,Xiaohong Li,Jianye Hao,Guangquan Xu,Zhiyong Feng,Xiaofei Xie

DOI: https://doi.org/10.1109/QRS.2017.45

2017-01-01

Abstract:It is critical and foremost to come up with the corresponding security requirements first which the following implementations are based on. However, previous security requirement elicitation work based on Common Criteria (CC) rarely addresses the detailed elicitation process of threats from specific functional requirements, which thus results in the widen gap between specific functional requirements and their corresponding threats. To this end, this paper proposes a framework for eliciting corresponding security requirements of specific functional requirements from the requirements specification. A formal model is built in the framework to assist requirement analysts in half-automatic collecting threats. To enhance the framework's automaticity and reusability, a security property base is constructed based on authoritative sources of security properties to support the framework. A practical information system is applied to verify the framework's practicability. Finally the framework's advantages and limitations are discussed thoroughly compared with previous approaches and useful insights are revealed.

Linzhang Wang,Eric Wong,Dianxiang Xu

DOI: https://doi.org/10.1109/SESS.2007.2

2007-01-01

Abstract:In this paper, we propose a novel threat model-driven security testing approach for detecting undesirable threat behavior at runtime. Threats to security policies are modelled with UML (Unified Modeling Language) sequence diagrams. From a design-level threat model we extract a set of threat traces, each of which is an event sequence that should not occur during the system execution. The same threat model is also used to decide what kind of information should be collected at runtime and to guide the code instrumentation. The instrumented code is recompiled and executed using test cases randomly generated. The execution traces are collected and analyzed to verify whether the aforementioned undesirable threat traces are matched. If an execution trace is an instance of a threat trace, security violations are reported and actions should be taken to mitigate the threat in the system. Thus the linkage between models, code implementations, and security testing are extended to form a systematic methodology that can test certain security policies.

Yu Zhiwei,Tang Rengzhong,Jia Dongjiao,Ye Fanbo

DOI: https://doi.org/10.3321/j.issn:1004-132X.2007.04.021

2007-01-01

Abstract:To identify the security requirements of information systems, a business process-based security requirement analysis method was presented. Focused on the business process security, the related assets which affect the business process security were identified by security tree model. The security requirements of assets were identified by risk packet and risk transferring model, and then the security requirements list was formed after coverage analysis. Finally, a case was studied to illustrate the proposed method.

O. T. Arogundade,A. T. Akinwale,Z. Jin,X. G. Yang

DOI: https://doi.org/10.4018/jisp.2011100102

2011-01-01

International Journal of Information Security and Privacy

Abstract:This paper proposes an enhanced use-misuse case model that allows both safety and security requirements to be captured during requirements elicitation. The proposed model extends the concept of misuse case by incorporating vulnerable use case and abuse case notations and relations that allows understanding and modeling different attackers and abusers behaviors during early stage of system development life cycle and finishes with a practical consistent combined model for engineering safety and security requirements.The model was successfully applied using health care information system gathered through the university of Kansas HISPC project. The authors were able to capture both security and safety requirements necessary for effective functioning of the system. In order to enhance the integration of the proposed model into risk analysis, the authors give both textual and detailed description of the model. The authors compare the proposed approach with other existing methods that identify and analyze safety and security requirements and discovered that it captures more security and safety threats.

ZHANG Yao,BAI Xiao-ying,ZHANG Ren-wei,LU Hao

DOI: https://doi.org/10.3969/j.issn.1002-137x.2013.02.034

2013-01-01

Computer Science

Abstract:Test adequacy analysis usually uses coverage criteria to evaluate test design with respect to specific software characteristics.Conventional adequacy methods have following problems to address test evaluation of large software systems.First,code-based coverage cannot ensure sufficient verification and validation of software requirements.Se-condly,software testing adequacy needs to take into consideration the contribution of different features.Important features deserve more test effort.The paper proposed a model-based approach for test adequacy analysis.An interface modelwas defined,representing executable software requirements for software components.Coverage of test case design was analyzed at two levels including service and service-compositions.Adequacy was calculated as weighted sum of coverage on various software features.Experiments were exercised to illustrate the proposed approach.

Siv Hilde Houmb,Shareeful Islam,Eric Knauss,Jan Jürjens,Kurt Schneider

DOI: https://doi.org/10.1007/s00766-009-0093-9

2009-11-28

Requirements Engineering

Abstract:Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 Common Criteria (CC) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the CC. They are rather phrased in security domain terminology and difficult to understand for developers. This means that some general security and secure design expertise are required to fully take advantage of the CC and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design, which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the CC, the heuristic requirements editor HeRA, and UMLsec. SecReq makes systematic use of the security engineering knowledge contained in the CC and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the CC, and the ability to trace security requirements into UML design models. A feedback loop helps reusing experience within SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution.

computer science, information systems, software engineering

Yuhong Wen,Haihong Zhao,Lin Liu

DOI: https://doi.org/10.1109/RePa.2011.6046726

2011-01-01

Abstract:Security requirements analysis for business information systems in today's networked organization is difficult due to the complexity of the systems and the frequent change in the environment. Thus, it requires security knowledge to be explicitly represented, and well understood by system analysts and designer, which in turn being applied in feasible problem contexts. System requirements are often represented in modelling frameworks with different analytical focus, so security requirements knowledge shall reflect such difference and form an integrated treatment. This paper proposes to use modelling concepts from the i* and PF modeling language to capture recurring patterns of security problems. The main concepts used are actors, assets, and relations such as ownership and permissions. The major contribution of the approach is proposing the specific problem frames such as ownership, authorization, attack and protection, by decomposing a large problem into sub-problems (base frames), then evaluate the potential threats (attacking frames) applicable to each sub-problem by evaluate the compatibility of the two, security analysis is integrated into the system design process from the outset. The proposal can be generalized to the design of defensive measures as well as other NFR treatments. © 2011 IEEE.

Xue Wu,Chao Liu,Qingxin Xia

DOI: https://doi.org/10.1109/comcomap.2014.7017199

2014-01-01

Abstract:Safety requirements have commanded increasing attention as software is playing a more and more important role in today's safety critical systems. As many experts, scholars have found that the main reason for safety critical systems' accident is bad requirements which means inaccurate, incomplete or inconsistent requirements may lead to misunderstanding of the system and may cause a fault in software design and realization, and brought disaster to people or environment. The main reason of bad requirements is poor communication between safety engineers and requirements analysis engineers. Safety requirements essentially are requirements to protect the software system go into a danger state which will cause lost of life or asset or environment damage. Safety requirements deal with errors, faults that the system may come across. So In this paper, we combine fault protection concepts with safety requirements, and propose a model-based safety requirements modeling approach named Safety RUCM to describe safety requirements in order to reduce inaccurate, incomplete or inconsistent safety requirements and at the same time to enhance mutual understanding on safety requirements between safety.

Lin Liu,Eric Yu,John Mylopoulos

2002-01-01

Abstract:Security issues for software systems ultimately concern relationships among social actors -- stakeholders, users, potential attackers, etc. -- and software acting on their behalf. In assessing vulnerabilities and mitigation measures, actors make strategic decisions to achieve desired levels of security while trading off competing requirements such as costs, performance, usability and so on. This paper explores the explicit modeling of relationships among strategic actors in order to elicit, identify and analyze security requirements. In particular, actor dependency analysis helps in the identification of attackers and their potential threats, while actor goal analysis helps to elicit the dynamic decision making process of system players for security issues. Patterns of relationships at various levels of abstraction (e.g. intentional dependencies among abstract roles) can be studied separately. These patterns can be selectively applied and combined for analyzing specific system configurations. The approach is particularly suitable for new Internet applications where layers of software entities and human roles interact to create complex security challenges. Examples from Peer-to-Peer computing are used to illustrate the proposed framework.

Golnaz Elahi,Eric Yu,Tong Li,Lin Liu

DOI: https://doi.org/10.1109/compsac.2011.48

2011-01-01

Abstract:Various governmental or academic institutes survey current security trends, and report vulnerabilities, security breaches, and their costs. However, it is unclear whether (and how) practitioners analyze these vulnerabilities and attacks to arrive at security requirements and decide on security solutions. What modeling methods are used for eliciting, analyzing, and documenting security requirements in real-world practice? This paper intends to answer such questions through a survey of security requirements engineering practices. 374 software professionals from 237 International and Chinese firms participated in the survey. The results show businesses often try to consider security from early stages of the development life cycle, however, ultimately, security is left to be built into the system at the implementation phase. We observed that practitioners favour qualitative risk assessment rather than quantitative approaches, and this helps them consider more varieties of factors when comparing alternative security design solutions.

Eduardo dos Santos,Andrew Simpson,Dominik Schoop

DOI: https://doi.org/10.4204/EPTCS.271.7

2018-05-15

Abstract:Ensuring a car's internal systems are free from security vulnerabilities is of utmost importance, especially due to the relationship between security and other properties, such as safety and reliability. We provide the starting point for a model-based framework designed to support the security testing of modern cars. We use Communicating Sequential Processes (CSP) to create architectural models of the vehicle bus systems, as well as an initial set of attacks against these systems. While this contribution represents initial steps, we are mindful of the ultimate objective of generating test code to exercise the security of vehicle bus systems. We present the way forward from the models created and consider their potential integration with commercial engineering tools

Cryptography and Security,Software Engineering

Cataldo Basile,Gabriele Gatti,Francesco Settanni

2024-05-06

Abstract:Enforcing security requirements in networked information systems relies on security controls to mitigate the risks from increasingly dangerous threats. Configuring security controls is challenging; even nowadays, administrators must perform it without adequate tool support. Hence, this process is plagued by errors that translate to insecure postures, security incidents, and a lack of promptness in answering threats. This paper presents the Security Capability Model (SCM), a formal model that abstracts the features that security controls offer for enforcing security policies, which includes an Information Model that depicts the basic concepts related to rules (i.e., conditions, actions, events) and policies (i.e., conditions' evaluation, resolution strategies, default actions), and a Data Model that covers the capabilities needed to describe different types of filtering and channel protection controls. Following state-of-the-art design patterns, the model allows for generating abstract versions of the security controls' languages and a model-driven approach for translating abstract policies into device-specific configuration settings. By validating its effectiveness in real-world scenarios, we show that SCM enables the automation of different and complex security tasks, i.e., accurate and granular security control comparison, policy refinement, and incident response. Lastly, we present opportunities for extensions and integration with other frameworks and models.

Cryptography and Security

Vivek Nigam,Alexander Pretschner,Harald Ruess

DOI: https://doi.org/10.48550/arXiv.1810.04866

2018-10-11

Logic in Computer Science

Abstract:By exploiting the increasing surface attack of systems, cyber-attacks can cause catastrophic events, such as, remotely disable safety mechanisms. This means that in order to avoid hazards, safety and security need to be integrated, exchanging information, such as, key hazards/threats, risk evaluations, mechanisms used. This white paper describes some steps towards this integration by using models. We start by identifying some key technical challenges. Then we demonstrate how models, such as Goal Structured Notation (GSN) for safety and Attack Defense Trees (ADT) for security, can address these challenges. In particular, (1) we demonstrate how to extract in an automated fashion security relevant information from safety assessments by translating GSN-Models into ADTs; (2) We show how security results can impact the confidence of safety assessments; (3) We propose a collaborative development process where safety and security assessments are built by incrementally taking into account safety and security analysis; (4) We describe how to carry out trade-off analysis in an automated fashion, such as identifying when safety and security arguments contradict each other and how to solve such contradictions. We conclude pointing out that these are the first steps towards a wide range of techniques to support Safety and Security Engineering. As a white paper, we avoid being too technical, preferring to illustrate features by using examples and thus being more accessible.

Zhou Guoqiang,Lu Wei,Zeng Qingkai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.11.002

2007-01-01

Abstract:An information security evaluation model is proposed.Based on the analyses of contents and functions of security evolution,the architecture of the security evaluation model and platform is presented,and its implementation is given.The main functions of this model are to organize,manage and control the security test and evaluation.It also has features in generalization,integration and configuration.

Wen-ling Huang,Jan Peleska

DOI: https://doi.org/10.48550/arXiv.2105.11786

2021-05-25

Software Engineering

Abstract:In this paper, new contributions to requirements-based testing with deterministic finite state machines are presented. Elementary requirements are specified as triples consisting of a state in the reference model, an input, and the expected reaction of the system under test defined by a set of admissible outputs, allowing for different implementation variants. Composite requirements are specified as collections of elementary ones. Two requirements-driven test generation strategies are introduced, and their fault coverage guarantees are proven. The first is exhaustive in the sense that it produces test suites guaranteeing requirements satisfaction if the test suite is passed. If the test suite execution fails for a given implementation, however, this does not imply that the requirement has been violated. Instead, the failure may indicate an arbitrary violation of I/O-equivalence, which could be unrelated to the requirement under test. The second strategy is complete in the sense that it produces test suites guaranteeing requirements satisfaction if and only if the suite is passed. Complexity considerations indicate that for practical application, the first strategy should be preferred to the second. Typical application scenarios for this approach are safety-critical systems, where safety requirements should be tested with maximal thoroughness, while user requirements might be checked with lesser effort, using conventional testing heuristics.

Ariessa Davaindran Lingham,Nelson Tang Kwong Kin,Chen Wan Jing,Chong Heng Loong,Fatima-tuz-Zahra

DOI: https://doi.org/10.48550/arXiv.2012.13108

2020-12-24

Abstract:Security holds an important role in a software. Most people are not aware of the significance of security in software system and tend to assume that they will be fine without security in their software systems. However, the lack of security features causes to expose all the vulnerabilities possible to the public. This provides opportunities for the attackers to perform dangerous activities to the vulnerable insecure systems. This is the reason why many organizations are reported for being victims of system security attacks. In order to achieve the security requirement, developers must take time to study so that they truly understand the consequences and importance of security. Hence, this paper is written to discuss how secure software development can be performed. To reach the goal of this paper, relevant researches have been reviewed. Multiple case study papers have been studied to find out the answers to how the vulnerabilities are identified, how to eliminate them, when to implement security features, why do we implement them. Finally, the paper is concluded with final remarks on implementation of security features during software development process. It is expected that this paper will be a contribution towards the aforementioned software security domain which is often ignored during practical application.

Software Engineering